package com.example.securitydemo.controller;

import com.example.securitydemo.entity.User;
import com.example.securitydemo.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.List;

@RestController
@RequestMapping("/user")
public class UserController {

    @Autowired
    public UserService userService;

    @GetMapping
//    @PreAuthorize("hasAnyRole('ADMIN') and authentication.name == 'admin'")
    public List<User> getList() {
        return userService.list();
    }

    @PostMapping
//    @PreAuthorize("hasAuthority('USER_ADD')")
    public void add(@RequestBody User user) {
        userService.saveUserDetails(user);
    }
}
